Your IT Supervisor is worried about users accidentally deleting objects from an S3 bucket.
Which of the following can help prevent accidental deletion of objects in an S3 bucket? (Select Three)
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answers - B, C, and D.
AWS Documentation mentions the following.
When a user performs a DELETE operation on an object, subsequent simple (un-versioned) requests will no longer retrieve the object.
However, all versions of that object will continue to be preserved in your Amazon S3 bucket and can be retrieved or restored.
Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.
By default, all requests to your Amazon S3 bucket require your AWS account credentials.
If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and valid six-digit code and serial number from an authentication device in your physical possession.
For more information on the features of S3, please visit the following URL-
https://aws.amazon.com/s3/faqs/To know more about Option D, Please refer to the below AWS Document.
https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/Sure, I'd be happy to explain the options available to prevent accidental deletion of objects in an S3 bucket.
A. Enable encryption for the S3 bucket: Enabling encryption for an S3 bucket can help protect the confidentiality of data stored in the bucket, but it does not prevent accidental deletion of objects in the bucket.
B. Enable MFA Delete on the S3 bucket: MFA Delete is a feature that requires a user to provide two forms of authentication to delete an object in an S3 bucket. This adds an extra layer of security and helps prevent accidental deletions. MFA Delete can be enabled at the bucket level, but it requires users to have an MFA device to delete objects, which may not be practical for all use cases.
C. Enable Versioning on the S3 bucket: Enabling versioning on an S3 bucket allows you to keep multiple versions of an object in the bucket. When an object is deleted, the previous version of the object remains in the bucket, providing a way to recover accidentally deleted data. Versioning can be enabled at the bucket level, and once enabled, it cannot be disabled.
D. Enable IAM Roles on the S3 bucket: IAM Roles are a way to grant permissions to AWS services and users. However, they do not prevent accidental deletion of objects in an S3 bucket.
Therefore, the correct answers to the question are B, C, and D. Enabling MFA Delete, Versioning, and IAM Roles can all help prevent accidental deletion of objects in an S3 bucket.